Re: [pkix] FW: New Version Notification for draft-wallace-est-alt-challenge-00.txt

Carl Wallace <carl@redhoundsoftware.com> Sat, 06 February 2016 15:19 UTC

User-Agent: Microsoft-MacOutlook/14.5.8.151023
Date: Sat, 06 Feb 2016 10:19:41 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, PKIX <pkix@ietf.org>
Message-ID: <D2DB774A.4B795%carl@redhoundsoftware.com>
Thread-Topic: [pkix] FW: New Version Notification for draft-wallace-est-alt-challenge-00.txt
References: <20150803183532.30514.2647.idtracker@ietfa.amsl.com> <D1E61A8A.3B3AA%carl@redhoundsoftware.com> <560BBDAE.9070606@cs.tcd.ie> <56211D5C.8050105@cs.tcd.ie> <56B5E9D9.6090106@cs.tcd.ie>
In-Reply-To: <56B5E9D9.6090106@cs.tcd.ie>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/MVBqqw0Oaim2-lG0xc7ngRmtcuo>
Subject: Re: [pkix] FW: New Version Notification for draft-wallace-est-alt-challenge-00.txt


On 2/6/16, 7:40 AM, "pkix on behalf of Stephen Farrell"
<pkix-bounces@ietf.org on behalf of stephen.farrell@cs.tcd.ie> wrote:

>
>Well, it still is "after IETF94" I guess, but with apologies
>to the authors for dropping this ball...
>
>I've given this a read and have a question and a comment:
>
>Question:
>
>3.1: There are many OTP schemes in real use, and some CA might
>someday support >1 - why don't you need a mechanism-id or
>similar? (And section 5 here even calls out two different
>schemes that are documented in RFCs.) If you tell me that you
>think this isn't really needed (and if nobody else argues
>for it, that'll be fine but I wanted to ask.)

I don't think it's really needed. Even with a mechanism ID for either of
those referenced RFCs, context may dictate validator behavior in ways not
reflected by a mechanism ID. Tying OTP generator/validator behavior to
this attribute would be a big increase in scope. Were a mechanism ID ever
needed, it could be added as a peer attribute without requiring change to
a widely used structure.

>
>Comment:
>
>intro: Editorial suggestion: maybe list the existing uses of
>the field in a numbered list and refer back to that when
>necessary. I think that might help the reader to keep the
>different uses clear as they read.

Can this be handled as a last call comment?

>
>Once the authors have responded to the question above, I'll
>start IETF LC for this one.
>
>Cheers,
>S.
>
>PS: This was one of the drafts that prompted me to ask about
>forming a new wg, but since I'd already said I'd AD sponsor
>this on the list back in October, in fairness to the authors,
>I'm gonna just go ahead for this one while we see how the
>new-wg discussion pans out.
>
>On 16/10/15 16:53, Stephen Farrell wrote:
>> 
>> So on the basis of a little positive feedback and it being
>> fairly obvious I'll AD sponsor this one. I'll be working
>> with the authors on that and an IETF LC should ensue in the
>> not too distant (maybe just after IETF94). I'll send a mail
>> here when that starts.
>> 
>> Cheers,
>> S.
>> 
>> On 30/09/15 11:47, Stephen Farrell wrote:
>>>
>>> Folks,
>>>
>>> Carl and Max have asked me to AD sponsor this draft. Since it
>>> seems like it's almost a bug fix, I'll probably go ahead and
>>> do that if there are no significant objections here in the next
>>> couple of weeks (say by Oct 15).
>>>
>>> So if you care about EST, please take a look (it's only 8 pages)
>>> and say what you think.
>>>
>>> Thanks,
>>> Stephen.
>>>
>>> On 04/08/15 12:34, Carl Wallace wrote:
>>>> The draft referenced below may be of interest to some on this list. It
>>>> defines some new OIDs to disambiguate existing EST challengePassword
>>>> attribute usage from PKCS #9/legacy usage and defines a new OID to convey
>>>> a one-time password as an additional value or alternative to the
>>>> tls-unique mechanism defined in EST.
>>>>
>>>> On 8/3/15, 2:35 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org>
>>>> wrote:
>>>>
>>>>>
>>>>> A new version of I-D, draft-wallace-est-alt-challenge-00.txt
>>>>> has been successfully submitted by Carl Wallace and posted to the
>>>>> IETF repository.
>>>>>
>>>>> Name:          draft-wallace-est-alt-challenge
>>>>> Revision:      00
>>>>> Title:         Alternative Challenge Password Attributes for Enrollment over Secure Transport
>>>>> Document date: 2015-08-03
>>>>> Group:         Individual Submission
>>>>> Pages:         9
>>>>> URL:           https://www.ietf.org/internet-drafts/draft-wallace-est-alt-challenge-00.txt
>>>>> Status:        https://datatracker.ietf.org/doc/draft-wallace-est-alt-challenge/
>>>>> Htmlized:      https://tools.ietf.org/html/draft-wallace-est-alt-challenge-00
>>>>>
>>>>>
>>>>> Abstract:
>>>>>   This document defines a set of new Certificate Signing Request
>>>>>   attributes for use with the Enrollment over Secure Transport (EST)
>>>>>   protocol.  These attributes provide disambiguation of the existing
>>>>>   overloaded uses for the PKCS #9 challengePassword attribute.  Uses
>>>>>   include the original certificate revocation password, common
>>>>>   authentication password uses, and EST defined linking of transport
>>>>>   security identity.
>>>>>
>>>>>
>>>>> Please note that it may take a couple of minutes from the time of
>>>>> submission
>>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>>
>>>>> The IETF Secretariat
>>>>>
>>>
>>> _______________________________________________
>>> pkix mailing list
>>> pkix@ietf.org
>>> https://www.ietf.org/mailman/listinfo/pkix
>>>
>> 
>
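As an added illustration, not part of this thread or of the draft itself: the Python below encodes and decodes the PKCS #10 `attributes` set with a minimal DER codec and contrasts the RFC 7030 usage, where the base64 tls-unique value rides in the PKCS #9 challengePassword attribute (OID 1.2.840.113549.1.9.7, a real assignment), with the draft's approach of a dedicated attribute type for the transport-identity linking value. The two "alt" OIDs under 1.3.6.1.4.1.99999 are placeholders assumed for the example, not the draft's actual assignments (this page does not list them), and the 12-byte tls-unique value and the "revokeme" password are constructed test data.

```python
import base64
import hmac

# PKCS #9 challengePassword (RFC 2985) is a real OID. The two "alt" OIDs are
# PLACEHOLDERS (assumption) standing in for the draft's new attribute types.
OID_CHALLENGE_PASSWORD = "1.2.840.113549.1.9.7"
OID_ALT_TLS_UNIQUE = "1.3.6.1.4.1.99999.1"   # placeholder, not the draft's value
OID_ALT_REVOCATION = "1.3.6.1.4.1.99999.2"   # placeholder, not the draft's value

# Constructed 12-byte tls-unique value (TLS 1.2 Finished verify_data length).
TLS_UNIQUE = bytes.fromhex("00112233445566778899aabb")


def _der_len(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def encode_oid(dotted):
    """Encode a dotted OID (first arc 0, 1 or 2 with second arc < 40)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, high bit set on all but last
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def decode_oid(body):
    """Inverse of encode_oid for OID content octets (first arc 0 or 1)."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def encode_attribute(oid, values):
    # Attribute ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF ANY }
    # Each value is carried here as a PrintableString (tag 0x13).
    vals = b"".join(tlv(0x13, v.encode("ascii")) for v in values)
    return tlv(0x30, encode_oid(oid) + tlv(0x31, vals))


def encode_csr_attributes(attrs):
    # CertificationRequestInfo.attributes is [0] IMPLICIT SET OF Attribute (0xA0).
    return tlv(0xA0, b"".join(encode_attribute(o, v) for o, v in attrs))


def decode_csr_attributes(der):
    """Parse the [0] attribute set into {oid: [string values]}."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0xA0:
        raise ValueError("expected [0] IMPLICIT SET OF Attribute")
    out, pos = {}, 0
    while pos < len(body):
        _, attr, pos = read_tlv(body, pos)
        _, oid_body, p = read_tlv(attr, 0)
        _, set_body, _ = read_tlv(attr, p)
        vals, q = [], 0
        while q < len(set_body):
            _, v, q = read_tlv(set_body, q)
            vals.append(v.decode("ascii"))
        out.setdefault(decode_oid(oid_body), []).extend(vals)
    return out


def est_identity_check_legacy(attrs, tls_unique):
    """RFC 7030 style: base64(tls-unique) travels in challengePassword, so a
    client using that attribute for a revocation or auth password is
    indistinguishable from one sending a wrong channel binding."""
    expected = base64.b64encode(tls_unique).decode("ascii")
    return any(hmac.compare_digest(v, expected)
               for v in attrs.get(OID_CHALLENGE_PASSWORD, []))


def est_identity_check_alt(attrs, tls_unique):
    """Draft style: a dedicated attribute carries the binding, so the legacy
    challengePassword keeps its own meaning in the same CSR."""
    expected = base64.b64encode(tls_unique).decode("ascii")
    return any(hmac.compare_digest(v, expected)
               for v in attrs.get(OID_ALT_TLS_UNIQUE, []))


def demo():
    binding = base64.b64encode(TLS_UNIQUE).decode("ascii")
    legacy = encode_csr_attributes([(OID_CHALLENGE_PASSWORD, [binding])])
    overloaded = encode_csr_attributes([(OID_CHALLENGE_PASSWORD, ["revokeme"])])
    alt = encode_csr_attributes([(OID_CHALLENGE_PASSWORD, ["revokeme"]),
                                 (OID_ALT_TLS_UNIQUE, [binding])])
    return (est_identity_check_legacy(decode_csr_attributes(legacy), TLS_UNIQUE),
            est_identity_check_legacy(decode_csr_attributes(overloaded), TLS_UNIQUE),
            est_identity_check_alt(decode_csr_attributes(alt), TLS_UNIQUE),
            decode_csr_attributes(alt)[OID_CHALLENGE_PASSWORD])


if __name__ == "__main__":
    print(demo())
```

The second result shows the overload the abstract describes: a CSR whose challengePassword is a genuine revocation password fails the RFC 7030 linking check, and the server cannot tell that case from a tampered binding. With a separate attribute type both values coexist, and, as the reply above argues for a mechanism ID, any further qualifier (an OTP mechanism name, say) can be added as one more `Attribute` in the same SET without altering the existing attribute's structure.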